stringZ has asked for the wisdom of the Perl Monks concerning the following question:

Hey,

I have two processes, test.pl and proc.pl. test.pl runs with elevated rights (as administrator), the other runs as a restricted normal user. They have a common folder in which test.pl creates a file name lock.tmp. Then it will have such permissions that proc.pl won't be able to read it, let alone its attributes or modification time. The last one is the most important, I would like to get the modification time (for this purpose I use GetFileTime from Win32API::File::Time) from proc.pl. A great solution to this problem is to change the owner of lock.tmp to the virtual user Everyone and grant full access. This needs to be done from perl, I can't and won't use command line tools. What I found is Win32::Perms. I wrote a few lines using this package to remove all permissions first. 
use Win32::Perms;
my $file = new Win32::Perms('lock.tmp');
$file->Remove(-1);
$file->Set();
$file->Close();

[download]
This is the point I stuck. I would like to add the special user Everyone and grant full access. Sometimes $dir->Add( { Account => NULL, Mask => FULL ); does it, sometimes not, but I think this last piece of code is nasty. Everyone is tricky because its name is something else on different translations of Windows. My script should run even on these as well. There should be some special and unique ID for Everyone in Windows, because if I bring a file within an archive, from a translated Windows to a non-translated one, it's still Everyone (however it's written in the language that Windows was translated to). Is there any way of setting the owner of a file/directory without specifying the owner's name?

I don't insist on Win32::Perms. If there's another neat Win32 package that could have the job done, also great for me. Nevertheless it would be also a good solution if I could force perl to create every file and folder with this permission mask (similarly to umask in UNIX).

Thanks in advance
stringZ
  • Comment on Grant full access to "Everyone" on Win32 (regardless to its translations)
  • Download Code

Replies are listed 'Best First'.
Re: Grant full access to "Everyone" on Win32 (regardless to its translations)
by BrowserUk (Patriarch) on Oct 21, 2011 at 23:50 UTC

    You need to use the well-known SID for Everyone: S-1-1-0. See the knowledge base for more.

    Whether Win32::Perms accepts SIDs, and if so in what form, I cannot say, as it doesn't appear to be on CPAN.

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
[d/l]
      Yeah, I would like to use the SID, but I can't do it with Win32::Perms, nor with Win32::FileSecurity. It seems both supports only names.
[reply]
[reply]

        All in all, it would probably be easier to use icacls.

        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
Re: Grant full access to "Everyone" on Win32 (regardless to its translations)
by locked_user sundialsvc4 (Abbot) on Oct 22, 2011 at 13:29 UTC

    In the good Perl spirit of TMTOWTDI ... When the dust finally settles, what do you want to do?   Maybe you could use a named Windows mutual-exclusion object instead of a Unix-style lock file.   In other words, if the purpose is “to achieve mutual exclusion,” maybe in the Windows world a “lock file” isn’t the best way to do it.

Back to Seekers of Perl Wisdom